CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10403 – SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav
https://notcve.org/view.php?id=CVE-2024-10403
21 Nov 2024 — Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25145 • CWE-528: Exposure of Core Dump File to an Unauthorized Control Sphere •
CVSS: 9.0EPSS: 0%CPEs: 36EXPL: 1CVE-2024-3596 – RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.
https://notcve.org/view.php?id=CVE-2024-3596
09 Jul 2024 — RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. El protocolo RADIUS según RFC 2865 es susceptible a ataques de falsificación por parte de un atacante local que puede modificar cualquier respuesta válida (acceso-aceptación, acceso-rechazo o acceso-desafío) a cualquier otra respuesta... • https://github.com/alperenugurlu/CVE-2024-3596-Detector • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-328: Use of Weak Hash CWE-354: Improper Validation of Integrity Check Value CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5460 – Brocade Fabric OS versions prior to v9.0 have default community strings
https://notcve.org/view.php?id=CVE-2024-5460
25 Jun 2024 — A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device. Una vulnerabilidad en la confi... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24409 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29954 – password management API prints sensitive information in log files
https://notcve.org/view.php?id=CVE-2024-29954
25 Jun 2024 — A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line. Una vulnerabilidad en una API de administ... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23226 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29953 – Encoded session passwords on session storage for Virtual Fabric platforms
https://notcve.org/view.php?id=CVE-2024-29953
25 Jun 2024 — A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords. Una vulnerabilidad en la interfaz web en Brocade Fabric OS anterior a v9.2.1, v9.2.0b y v9.1.1d imprime contraseñas de sesión codificadas en el almacenamiento de sesiones para plataformas Virtual Fabric. Esto podría permitir que un usuario autentica... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23227 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5973 – Truncated port name
https://notcve.org/view.php?id=CVE-2023-5973
05 Apr 2024 — Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display. La interfaz web de Brocade en Brocade Fabric OS v9.x y versiones anteriores a v9.2.0 no representa correctamente el nombre del puerto para el usuario si el nombre del puerto contiene caracteres reservados. Esto podría permitir a un usuario aute... • https://security.netapp.com/advisory/ntap-20240628-0005 • CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 0CVE-2023-3454
https://notcve.org/view.php?id=CVE-2023-3454
04 Apr 2024 — Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch. Vulnerabilidad de ejecución remota de código (RCE) en Brocade Fabric OS posterior a v9.0 y anterior a v9.2.0 podría permitir a un atacante ejecutar código arbitrario y usarlo para obtener acceso raíz al conmutador Brocade. • https://security.netapp.com/advisory/ntap-20240628-0004 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2021-27795 – License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software,
https://notcve.org/view.php?id=CVE-2021-27795
06 Dec 2023 — Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. Plataformas de hardware Brocade Fabric OS (FOS) que ejecutan cualquier versión d... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4163 – Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
https://notcve.org/view.php?id=CVE-2023-4163
31 Aug 2023 — In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. En Brocade Fabric OS antes de v9.2.0a, un usuario privilegiado autenticado localmente puede desencadenar una condición de desbordamiento de búfer, lo que lleva a un pánico del kernel con una gran entrada a los búferes en el comando portcfgfportbuffers. • https://security.netapp.com/advisory/ntap-20231130-0001 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3489 – firmwaredownload command could log servers passwords in clear text
https://notcve.org/view.php?id=CVE-2023-3489
30 Aug 2023 — The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. El comando firmwaredownload en Brocade Fabric OS v9.2.0 podría registrar la contraseña del servidor FTP/SFTP/SCP en texto plano en el archivo "SupportSave" al realizar un downgrade de Fabric OS v9.2.0 a culaquier versión anterior de Fabric OS. • https://security.netapp.com/advisory/ntap-20231124-0003 • CWE-312: Cleartext Storage of Sensitive Information •